diff --git a/src/Psalm/Type/Reconciler.php b/src/Psalm/Type/Reconciler.php
index f21b96530..d6587f1f9 100644
--- a/src/Psalm/Type/Reconciler.php
+++ b/src/Psalm/Type/Reconciler.php
@@ -309,7 +309,7 @@ class Reconciler
             }
 
             if (($statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\TaintFlowGraph
-                    && $result_type->hasString())
+                    && (!$result_type->hasScalarType()) || $result_type->hasString())
                 || $statements_analyzer->data_flow_graph instanceof \Psalm\Internal\Codebase\VariableUseGraph
             ) {
                 if ($before_adjustment && $before_adjustment->parent_nodes) {
diff --git a/tests/TaintTest.php b/tests/TaintTest.php
index 67a50dcd4..4e5a5b583 100644
--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@@ -1534,6 +1534,21 @@ class TaintTest extends TestCase
                     }',
                 'error_message' => 'TaintedInput',
             ],
+            'taintReturnedArray' => [
+                '<?php
+                    function processParams(array $params) : array {
+                        if (isset($params["foo"])) {
+                            return $params;
+                        }
+
+                        return [];
+                    }
+
+                    $params = processParams($_GET);
+
+                    echo $params["foo"];',
+                'error_message' => 'TaintedInput',
+            ],
             /*
             // TODO: Stubs do not support this type of inference even with $this->message = $message.
             // Most uses of getMessage() would be with caught exceptions, so this is not representative of real code.